Описание
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | released | 2017.7.4+dfsg1-1ubuntu18.04.2+esm1 |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | released | 2015.8.8+ds-1ubuntu0.1+esm2 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
An issue was discovered in through SaltStack Salt before 3002.5. salt- ...
SaltStack Salt Improper Authentication vulnerability
Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с неправильным ограничением доступа, позволяющая нарушителю получить несанкционированный доступ к другим ограниченным функциям
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3